analyzing-options-flow
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions direct the agent to read API credentials from {baseDir}/config/crypto-apis.env. Accessing environment files that store secrets represents a risk of sensitive data exposure.
- [COMMAND_EXECUTION]: The skill utilizes the Bash(crypto:options-*) tool to execute queries against blockchain and market data. While the tool use is restricted by a specific prefix, the execution of commands based on external data inputs is a potential risk factor.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from untrusted external sources like crypto APIs and blockchain nodes.
  - Ingestion points: Market data, price history, and on-chain metrics are retrieved from external providers as specified in SKILL.md and references/implementation.md.
  - Boundary markers: The skill lacks explicit delimiters or specific instructions for the agent to ignore potential commands embedded within the fetched data.
  - Capability inventory: The agent has access to tools including Read, Write, and Bash.
  - Sanitization: No procedures are defined for sanitizing or validating the content retrieved from external sources before it is processed or used in subsequent steps.
- [PROMPT_INJECTION]: The metadata in SKILL.md identifies the author as Jeremy Longshore (intentsolutions.io), which is inconsistent with the provided vendor context (aAAaqwq). This discrepancy could be used to misrepresent the origin and trustworthiness of the skill.
- [EXTERNAL_DOWNLOADS]: The skill connects to well-known external services including CoinGecko, Etherscan, and blockchain RPC nodes (such as Infura and Alchemy) to retrieve market and on-chain data.
Audit Metadata